No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AC6605(V2R6)Station roam unsuccessfully among two access points

Publication Date:  2016-12-31 Views:  75 Downloads:  0
Issue Description
The station access WIFI via the SSID and then moves between two access points, sometimes the connection is dropped and the authentication process is redone.
Handling Process

1.Trace the station associated procedure on AC when the issue occured:

[BTRACE][2016/08/26 14:36:45][EAPoL][F8A9-D031-1E95]:Send EAP_request packet to user successfully.(Index=509)
[BTRACE][2016/08/26 14:36:45][EAPoL][F8A9-D031-1E95]:No response of request identity from user.
[BTRACE][2016/08/26 14:36:45][EAPoL] [F8A9-D031-1E95]:Resend a EAPoL request identity packet to user.
[BTRACE][2016/08/26 14:36:45][EAPoL] [F8A9-D031-1E95]:
  EAPOL packet: OUT
      F8 a9 d0 31 1e 95 90 17 ac b9 a5 98 81 00 00 01
      88 8e 01 00 00 05 01 e0 00 05 01 

According to the trace-information of AC, when the station associated, AC had send a EAP request message of authentication to station, but AC can't receive the EAP response message from station.

2.Trace the station associated procedure on AP:

[AP4-SW-diagnose]Aug 26 2016 14:36:45.580.3+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:station association request.
[AP4-SW-diagnose]Aug 26 2016 14:36:45.580.4+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:station is accessed by AC.
[AP4-SW-diagnose]Aug 26 2016 14:36:45.590.1+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:association response from ac:
[AP4-SW-diagnose]Aug 26 2016 14:36:45.590.2+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:4-way handshake switch = 0
[AP4-SW-diagnose]Aug 26 2016 14:36:45.590.3+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:WUAMK_UserKernelMsgProc[845]: Enter:
[AP4-SW-diagnose]Aug 26 2016 14:36:45.600.1+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:AC add the station:
[AP4-SW-diagnose]Aug 26 2016 14:36:45.600.2+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:AC set the user vlan:
[AP4-SW-diagnose]Aug 26 2016 14:36:45.600.3+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:receive eap pkt to sta from CAPWAP(21),[type(0)=EAP pkt, src mac=90:17:ac:b9:a5:98, len=27]
[AP4-SW-diagnose]Aug 26 2016 14:36:45.600.4+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:receive eap pkt from sta by BSS(25),[type(0)=EAP pkt, dest mac=94:04:9c:c7:d6:b0, len=35]
[AP4-SW-diagnose]Aug 26 2016 14:36:48.600.3+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:receive eap pkt to sta from CAPWAP(21),[type(0)=EAP pkt, src mac=90:17:ac:b9:a5:98, len=27]
[AP4-SW-diagnose]Aug 26 2016 14:36:48.620.1+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][F8A9-D031-1E95]:receive eap pkt from sta by BSS(25),[type(0)=EAP pkt, dest mac=94:04:9c:c7:d6:b0, len=35]

The trace-information has showed that AP has received the EAP reply messages from the station and sent out these message, So it can proved that the EAP messages are dropped on the devices between AC and AP。 

3.Change the service-vlan of SSID from VLAN1 to VLAN50 on AC, and then the station can associated SSID normally.
[AP4-SW]Aug 25 2016 16:50:04.200.5+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][7048-0F83-B73B]:station association request.
[AP4-SW]Aug 25 2016 16:50:04.200.6+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][7048-0F83-B73B]:station is accessed by AC.
[AP4-SW]Aug 25 2016 16:50:04.220.3+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][7048-0F83-B73B]:AC set the user vlan:
    radio id :1
    vlan     :50
[AP4-SW]Aug 25 2016 16:50:07.380.5+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][7048-0F83-B73B]:[WPA] Send group msg1/2 to STA.
[AP4-SW]Aug 25 2016 16:50:07.390.1+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][7048-0F83-B73B]:receive eap pkt from sta by BSS(27),[type(3)=EAPoL-Key, dest mac=94:04:9c:c7:d6:b2, len=117]
[AP4-SW]Aug 25 2016 16:50:07.390.2+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][7048-0F83-B73B]:[WPA] Receive eapol-key message.
[AP4-SW]Aug 25 2016 16:50:07.390.3+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][7048-0F83-B73B]:[WPA] Group-Key-Handshake done.
[AP4-SW]Aug 25 2016 16:50:07.390.4+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][7048-0F83-B73B]:server : notify handshake result :
IsPtkRekey                  = 0
keyBitMap(0x1:ptk,0x2:gtk)  = 0x2
result(0:success,1:fail)    = 0
[AP4-SW]Aug 25 2016 16:50:49.210.2+00:00 AP4-SW WSRV/7/BTRACE:[BTRACE][WLAN_AP][7048-0F83-B73B]:WUAMK_5GPreferAuthProc[2542]:
 Auth Request,  RadioId[0], VapId[2].

 

Root Cause

According to capture packets and replacement test, the cause of station connect WIFI via the SSID failed sometime is that SSID uses VLAN1 as service-vlan, and the network of VLAN1 is not stable, so the EAP response packets are dropped on the devices between AC and AP.

Because VLAN1 is the management VLAN of all devices while it serves as the business VLAN of all wired users and wireless users, so EAP response packets are readily dropped when many protocol packets traffic heavy at the same time.

Solution
SSID change the service-vlan from VLAN1 to VLAN50, and wireless users can communicate with wired users by L3 routing table.
Now the VLAN50 has been added on the interfaces connected the APs, also create L3 interface on AC, so don't need to change too much configuration, just update the service-vlan of SSID, this is the foremost command below :
[AC1-wlan-view] vap-profile name IPEA
[AC1-wlan-vap-prof- IPEA] service-vlan vlan-id 50

END